Filtered by vendor Eventespresso
Subscriptions
Filtered by product Event Espresso
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6883 | 1 Eventespresso | 1 Event Espresso | 2025-07-10 | 4.3 Medium |
| The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings. | ||||
| CVE-2017-1002026 | 1 Eventespresso | 1 Event Espresso | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. | ||||
| CVE-2020-26153 | 1 Eventespresso | 1 Event Espresso | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
Page 1 of 1.